FEDORA-2022-e37e1e6c7a created by remi 4 months ago for Fedora 34
stable

Security Updates

Four security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues (except where noted otherwise):

  • Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
  • Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
  • Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
  • Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).

How to install

sudo dnf upgrade --advisory=FEDORA-2022-e37e1e6c7a

This update has been submitted for testing by remi.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update has been pushed to testing.

4 months ago

remi edited this update.

4 months ago

remi edited this update.

4 months ago

This update has been submitted for stable by bodhi.

4 months ago

This update has been pushed to stable.

4 months ago

Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days

Dates
submitted: 4 months ago
in testing: 4 months ago
in stable: 4 months ago
modified: 4 months ago

BZ#2039301 CVE-2022-21661 wordpress: SQL injection via WP_Query
BZ#2039302 CVE-2022-21661 wordpress: SQL injection via WP_Query [fedora-all]
BZ#2039306 CVE-2022-21662 wordpress: stored XSS through authenticated users
BZ#2039307 CVE-2022-21662 wordpress: stored XSS through authenticated users [fedora-all]
BZ#2039312 CVE-2022-21663 wordpress: authenticated object injection in multisites
BZ#2039313 CVE-2022-21663 wordpress: authenticated object injection in multisites [fedora-all]
BZ#2039317 CVE-2022-21664 wordpress: SQL injection due to improper sanitization in WP_Meta_Query
BZ#2039318 CVE-2022-21664 wordpress: SQL injection due to improper sanitization in WP_Meta_Query [fedora-all]
